On Tue, Apr 8, 2014 at 2:24 PM, Nux! <nux@li.nux.ro> wrote:
>
> Hello,
>
> While the Cloud SIG is still being established, let's get to actual
> work and think of a set of features for a CentOS cloud template.
> I am referring here to VMs, not containers (e.g. docker).
>
> This is how I see it so far, please feel free to come with
> suggestions/comments/questions.
>
> A - Single partition for simplicity (and lack of good arguments against
> it)
I was wondering about LVM. It makes reconfiguration much easier (like adding swap). But growroot doesn't support LVM.
> - dracut-modules-growroot included so the template partition will
> expand to match target, cloud-init in charge of resize2fs
Only required for kernel < 3.8. Later kernels can do online partition resizing (handled by cloud-init post initrd).
> B - To swap or not to swap?
Some service providers charge for disk IOs and nobody wants to pay for swap activity, so I vote against swap.
> C - "tuned-adm profile virtual-host" which translates to:
> - kern.sched_min_granularity_ns 10ms
> - kernel.sched_wakeup_granularity_ns 15ms
> - vm.dirty_ratio 40%
> - vm.swappiness 30
> - IO scheduler "deadline"
> - fs barriers off
> - CPU governor "performance"
> - disk readahead 4x
Where do these come from? What's the rationale?
These seem to be settings on the host, not the guest.
> E - network interface remapping (75-persistent-net-generator.rules, BZ
> 912801)
Not authorized to access that bug.
> F - Selinux on. Do we relabel for uniqueness? Seen small VMs run out of
> memory while relabelling..
Ack.
> G - PERSISTENT_DHCLIENT="1" (BZ 1011013)
Ack.
> H - Bundle all the paravirt drivers in the ramdisk
> (virtio/xen/vmware/hyperv) so the same image can boot everywhere?
Seems reasonable. What's the impact on the initrd size?
> I - Per "stack" requirements (e.g. cloudstack relies a lot on root user
> and password logins, openstack tends not to, SSH key only logins etc
> etc)
Can we have a single image that fits all the different requirements?
> That's about all that crosses my mind for now.
K - No firewall. Handled by the service provider.
L - Timezone is set to UTC, Hostname is set to 'centos', lang is en_US.UTF-8, keyboard is us (or whatever you guys think makes sense).
M - NOZEROCONF=yes
N - Along with the image, we'll also provide md5/sha1/sha256 checksums, gpg signed files and a manifest (list of installed packages and their versions).
...Juerg
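
An added example, not part of the original thread and not CentOS project code: a small audit that checks an unpacked or mounted image root against items B (no swap), F, G, L and M from the list above. It assumes the usual EL6 file locations, an `eth0` interface file, and that "Selinux on" means `SELINUX=enforcing`; all function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit an image root against thread items B, F, G, L and M.
# File locations are the usual EL6 ones (assumption); function names are hypothetical.

# get_kv FILE KEY: print the value of the last KEY=VALUE line, quotes stripped.
get_kv() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# expect LABEL ACTUAL WANTED: report one check and count failures in $audit_fails.
expect() {
    if [ "$2" = "$3" ]; then
        echo "PASS $1"
    else
        echo "FAIL $1: got '$2', want '$3'"
        audit_fails=$((audit_fails + 1))
    fi
}

# audit_image ROOT: run every check; the exit status is the number of failed checks.
audit_image() {
    audit_fails=0
    expect "B no swap in fstab" \
        "$(grep -v '^[[:space:]]*#' "$1/etc/fstab" 2>/dev/null | awk '$3 == "swap"' | wc -l | tr -d ' ')" 0
    expect "F SELinux enforcing" "$(get_kv "$1/etc/selinux/config" SELINUX)" enforcing
    expect "G PERSISTENT_DHCLIENT" \
        "$(get_kv "$1/etc/sysconfig/network-scripts/ifcfg-eth0" PERSISTENT_DHCLIENT)" 1
    expect "L hostname" "$(get_kv "$1/etc/sysconfig/network" HOSTNAME)" centos
    expect "L timezone" "$(get_kv "$1/etc/sysconfig/clock" ZONE)" UTC
    expect "M NOZEROCONF" "$(get_kv "$1/etc/sysconfig/network" NOZEROCONF)" yes
    return "$audit_fails"
}

# make_sample_root DIR: constructed sample tree that satisfies every check.
make_sample_root() {
    mkdir -p "$1/etc/selinux" "$1/etc/sysconfig/network-scripts"
    printf '/dev/vda1 / ext4 defaults 1 1\n' > "$1/etc/fstab"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$1/etc/selinux/config"
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nPERSISTENT_DHCLIENT="1"\n' \
        > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf 'NETWORKING=yes\nHOSTNAME=centos\nNOZEROCONF=yes\n' > "$1/etc/sysconfig/network"
    printf 'ZONE="UTC"\n' > "$1/etc/sysconfig/clock"
}

demo_root=$(mktemp -d)
make_sample_root "$demo_root"
audit_image "$demo_root" || echo "image deviates from the proposed template"
```

Point `audit_image` at a loop-mounted or guestmount-ed image root in a build pipeline; a non-zero exit status is the number of settings that drifted from the agreed list.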